Fedramp Master Acronym and Glossary Document

Fedramp Master Acronym and Glossary Document

FedRAMP Master Acronym and Glossary Version 1.6 07/23/2020 i​[email protected] fedramp.gov Master Acronyms and Glossary DOCUMENT REVISION HISTORY Date Version Page(s) Description Author 09/10/2015 1.0 All Initial issue FedRAMP PMO 04/06/2016 1.1 All Addressed minor corrections FedRAMP PMO throughout document 08/30/2016 1.2 All Added Glossary and additional FedRAMP PMO acronyms from all FedRAMP templates and documents 04/06/2017 1.2 Cover Updated FedRAMP logo FedRAMP PMO 11/10/2017 1.3 All Addressed minor corrections FedRAMP PMO throughout document 11/20/2017 1.4 All Updated to latest FedRAMP FedRAMP PMO template format 07/01/2019 1.5 All Updated Glossary and Acronyms FedRAMP PMO list to reflect current FedRAMP template and document terminology 07/01/2020 1.6 All Updated to align with terminology FedRAMP PMO found in current FedRAMP templates and documents fedramp.gov page 1 Master Acronyms and Glossary TABLE OF CONTENTS About This Document 1 Who Should Use This Document 1 How To Contact Us 1 Acronyms 1 Glossary 15 fedramp.gov page 2 Master Acronyms and Glossary About This Document This document provides a list of acronyms used in FedRAMP documents and templates, as well as a glossary. There is nothing to fill out in this document. Who Should Use This Document This document is intended to be used by individuals who use FedRAMP documents and templates. How To Contact Us Questions about FedRAMP, or this document, should be directed to ​[email protected]​. For more information about FedRAMP, visit the website at ​https://www.fedramp.gov​. Acronyms Below is the master list of FedRAMP acronym definitions for all FedRAMP templates and documents. Please send ​suggestions about corrections, additions, or deletions to ​[email protected]​. Acronym Definition 3PAO Third Party Assessment Organization A2LA American Association of Laboratory Accreditation AA Annual Assessment fedramp.gov page 1 Master Acronyms and Glossary AAL Authenticator Assurance Level AC Access Control (security control family) ACL Access Control List AICPA American Institute of Certified Public Accountants AO Authorizing Official API Application Programming Interface APL Approved Products List (DoD) ASHRAE American Society of Heating, Refrigerating and Air-conditioning Engineers AT Awareness and Training (security control family) ATO Authority to Operate AU Audit and Accountability (security control family) BCP Business Continuity Plan BCR Baltimore Cyber Range BIA Business Impact Analysis / Business Impact Assessment BOD Binding Operational Directive (DHS) BPA Blanket Purchase Agreement C&A Certification and Accreditation CA Security Assessment and Authorization (security control family) CAC Common Access Card CAP Corrective Action Plan CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart CCB Change Control Board / Configuration Control Board CDM Continuous Diagnostics and Mitigation CD-ROM Compact Disc Read-Only Memory fedramp.gov page 2 Master Acronyms and Glossary CERT Computer Emergency Readiness Team CI Configuration Item CI/CD Continuous Integration/Continuous Deployment CIA Confidentiality, Integrity, Availability CIDR Classless Inter-Domain Routing CIM Common Information Model CIO Chief Information Officer CIOC Chief Information Officer Council CIRT Computer Incident Response Team CIS Control Implementation Summary CISO Chief Information Security Officer CLI Command Line Interface CM Configuration Management (security control family) CMMI Capability Maturity Model Integration CMP Configuration Management Plan CMVP Cryptographic Module Validation Program CO Contracting Officer CoLo Co Location ConMon Continuous Monitoring CONOPS Concept of Operations CONUS Continental/Contiguous United States COOP Continuity of Operations Plan COR Contracting Officer’s Representative COTS Commercial Off-The-Shelf fedramp.gov page 3 Master Acronyms and Glossary CP Contingency Planning (security control family) CPC Contingency Planning Coordinator CPD Contingency Planning Director CR Change Request CRM Customer Relationship Management CSA Cloud Security Alliance CSIRC Computer Security Incident Response Center CSO Cloud Service Offering CSP Cloud Service Provider CSV Comma Separated Values CTO Chief Technology Officer CTW Control Tailoring Workbook CUI Controlled Unclassified Information CVE Common Vulnerabilities and Exposures CVSS Common Vulnerability Scoring System D&A Document and Assess (LI-SaaS) DAA Designated Approving Authority DAS Direct Attached Storage DDoS Distributed Denial of Service DFR Detailed Finding Review DHCP Dynamic Host Configuration Protocol DHS Department of Homeland Security DISA Defense Information Systems Agency DMZ Demilitarized Zone fedramp.gov page 4 Master Acronyms and Glossary DNS Domain Name System / Domain Name Server DNSSEC Domain Name System Security Extensions DoD Department of Defense DoH DNS over HTTPS DoS Denial of Service DoT DNS over TLS DR Deviation Request DS Database Scan EA Enterprise Architecture (OMB) E-Authentication Electronic Authentication E-Discovery Electronic Discovery EC-Council International Council of Electronic Commerce Consultants ECSB Enterprise Cloud Service Broker ESI Electronically Stored Information FAL Federation Assurance Level FAQ Frequently Asked Questions FAR Federal Acquisition Regulation FDCCI Federal Data Center Consolidation Initiative FDIC Federal Deposit Insurance Corporation FED Federal Government FedRAMP Federal Risk and Authorization Management Program FFRDC Federally Funded Research and Development Center FICAM Federal Identity, Credential, and Access Management FIPS Federal Information Processing Standards fedramp.gov page 5 Master Acronyms and Glossary FIPS PUB Federal Information Processing Standard Publication FISMA Federal Information Security Management Act (2002) FISMA Federal Information Security Modernization Act (2014) FOC Final Operating Capability FOIA Freedom of Information Act FP False Positive FPS Federal Protective Service FRA Federal Records Act FTP File Transfer Protocol GFI Government Furnished Information GIAC Global Information Assurance Certification GMT Greenwich Mean Time GSA General Services Administration GSS General Support System GUI Graphical User Interface HF High Frequency HIDS Host Intrusion Detection System HIPAA Health Insurance Portability and Accountability Act HIPS Host Intrusion Prevention System HRT Hardware Recovery Team HSM Hardware Security Module HSPD Homeland Security Presidential Directive HSTS HTTP Strict Transport Security HTTP Hypertext Transfer Protocol fedramp.gov page 6 Master Acronyms and Glossary HW Hardware IA Identification and Authentication (security control family) IA Independent Auditor / Assessor IAA Inter-Agency Agreement IaaS Infrastructure as a Service IAL Identity Assurance Level IAO Independent Assessment Organizations IAP Internet Access Points IAW In Accordance With ID Identification IG Inspector General IOC Initial Operating Capability IP Internet Protocol IPv4 Internet Protocol version 4 IPv6 Internet Protocol version 6 IPSec Internet Protocol Security IPT Integrated Product Team IR Incident Response (security control family) IRP Incident Response Plan IS Information System ISA Interconnection Security Agreement ISCP Information System Contingency Plan iSCSI Internet Small Computer System Interface ISConMon Information Security Continuous Monitoring fedramp.gov page 7 Master Acronyms and Glossary ISIMC Information Security and Identity Management Committee ISO/IEC International Organization for Standardization / International Electrotechnical Commission ISP Internet Service Provider ISPP Information Security Policies and Procedures ISSO Information System Security Officer IT Information Technology ITCP IT Contingency Plan IV&V Independent Verification and Validation IXP Internet Exchange Point JAB Joint Authorization Board (FedRAMP) JSON JavaScript Object Notation LAN Local Area Network LDAP Lightweight Directory Access Protocol LI-SaaS Low Impact Software as a Service LMS Learning Management System MA Maintenance (security control family) MAC Media Access Control MAX MAX.gov (Secure Repository) MFA Multi-Factor Authentication MOA Memorandum of Agreement MOU Memorandum of Understanding MP Media Protection (security control family) MSSP Managed Security Service Provider MT Manual Test fedramp.gov page 8 Master Acronyms and Glossary MTIPS Managed Trusted IP Service N/A Not Applicable NARA National Archives and Records Administration NAS Network Attached Storage NAT Network Address Translation NDA Non-Disclosure Agreement NetBIOS Network Basic Input/Output System NFPA National Fire Protection Association NGO Non-Governmental Organization NIAP National Information Assurance Partnership NIS Network Information System NISP National Industrial Security Program NIST National Institute of Standards and Technology NIST SP NIST Special Publication NNTP Network News Transfer Protocol NOC Network Operations Center NPPD National Protection and Programs Directorate (DHS) NSA National Security Agency NTP Network Time Protocol NTTAA National Technology Transfer and Advancement Act NVD National Vulnerability Database NVI NAT Virtual Interface ODAL Outage and Damage Assessment Lead OEP Occupant Emergency Plan fedramp.gov page 9 Master Acronyms and Glossary OGC Office of the General Counsel OIG Office of the Inspector General OMB Office of Management and Budget OR Operational Requirement OS Operating System OSINT Open Source Intelligence OSCAL Open Security Controls Assessment Language OSCP Online Certificate Status

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    24 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us